What does GDPR mean?

In the last twenty years, the EU General Data Protection Regulation (GDPR) is the most important piece of European data protection legislation. It entered into force on May 25, 2018.

GDPR replaces the 1995 EU Data Protection Directive (European Data Protection Directive 95/46/EC), reinforces the EU’s data rights and creates a uniform data protection law across Europe.

Brexit will not affect the new regulation as GDPR will be enforceable from 25 May 2018 by the Secretary of State for the Department of Culture Media and Sport.

How will GDPR affect my business?

The GDPR applies to organizations within the EU that process and hold personal data. It also applies to non-EU organizations that offer individuals in the EU goods or services.

Personal data refers to any information that can be used to identify the person directly or indirectly. This could be from a name, IP address of a computer, bank details or location data.

Depending on the severity of non-compliance, companies can expect to be fined for failing to comply with GDPR by up to 2% of global annual turnover or €10 million (whichever is higher). Companies can be fined up to 4 percent of global annual turnover or € 20 million for more serious data breaches. These rules now apply significantly to both controllers and processors.